AI-generated password isn't random, it just looks that way

AI ‘strong’ passwords aren’t random — commenters shout “of course!”

TLDR: Researchers found chatbots generate strong-looking but patterned passwords that are easy to guess, with duplicates and predictable layouts. Commenters mocked the finding as obvious, memed the number “7,” and urged using true randomness or password managers, warning that this matters if AI-written code ships with predictable secrets.

The internet is having a field day after researchers at Irregular showed that AI chatbots spit out “strong”-looking passwords that are actually predictable. Think long strings with symbols that wow online checkers… but follow the same patterns. Some even duplicated across runs. One test: 50 prompts to Anthropic’s Claude, only 30 unique; many started and ended the same, with zero repeated characters — a dead giveaway of non-randomness. The team says these look complex but carry low “entropy” (unpredictability), meaning they could be cracked in hours on an old PC. Google’s Gemini even slapped a warning not to use its chat-made passwords and pushed passphrases and managers like 1Password and Bitwarden.

Commenters? Absolutely roasting it. One user rolled their eyes: “they always choose the same few names” in AI-made fiction, so why expect randomness in passwords. Another pounced: “Nothing about LLMs is random.” A sysadmin dropped a one-liner to generate real randomness from your computer, while the meme brigade spammed xkcd’s “random number: 4” and a running gag where Claude keeps picking 7 again and again. The hot debate: is this an AI fail or user misuse? Some say chatbots were never meant to be dice, others warn if AI starts writing most code, predictable “secrets” could be everywhere. Drama level: high, trust level: low.

Key Points

  • Irregular found that passwords generated by Claude, GPT-5.2, and Gemini appear complex but follow predictable patterns that reduce security.
  • In 50 prompts to Claude Opus 4.6, only 30 passwords were unique; 20 were duplicates (18 identical), with consistent start/end characters and no repeated characters.
  • Entropy estimates for 16-character LLM-generated passwords were ~27 bits (character stats) and ~20 bits (log probabilities), far below expectations for true randomness.
  • The Register’s tests with Gemini 3 Pro showed patterned outputs in two options and a more randomized third; Gemini warned against using chat-generated passwords for sensitive accounts and recommended password managers.
  • Irregular claims such passwords could be brute-forced within hours on decades-old computers, and pattern searches can reveal LLM-generated passwords across GitHub and the web.
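
The signals listed above (duplicates, a shared first character, no repeated characters, low character-statistics entropy) can be measured on any batch of generated passwords. The following is an added example, not code from Irregular or The Register: the function names are hypothetical, the sample passwords are constructed for illustration and are not real model output, and the per-position estimator is one simple way to compute a character-statistics figure, not necessarily the researchers' method.

```python
import math
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed sample (not real model output): duplicates, a shared first/last
# character, fixed symbol positions, and no repeated characters in any password.
CONSTRUCTED_SAMPLE = [
    "K7#mPx9$vL2@nQ5w", "K7#mPx9$vL2@nQ5w", "K7#mPx9$vL2@nQ5w", "K7#mPx9$vL2@nQ5w",
    "K9#mTx4$vR2@nB6w", "K9#mTx4$vR2@nB6w", "K7#pLx9$hN3@qZ5w", "G7#mPx2$vL9@nQ4w",
]


def positional_entropy_bits(passwords):
    """Character-statistics estimate: sum of per-position Shannon entropies.

    With n samples this cannot exceed length * log2(n), so only compare
    samples of the same size.
    """
    total = 0.0
    for column in zip(*passwords):  # one column per character position
        n = len(column)
        total -= sum(c / n * math.log2(c / n) for c in Counter(column).values())
    return total


def audit(passwords):
    """Report the pattern signals described above for equal-length passwords."""
    return {
        "unique": len(set(passwords)),
        "most_common_first_char": Counter(p[0] for p in passwords).most_common(1)[0][1],
        "without_repeated_chars": sum(len(set(p)) == len(p) for p in passwords),
        "entropy_bits": positional_entropy_bits(passwords),
    }


def csprng_password(length=16):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    print("constructed:", audit(CONSTRUCTED_SAMPLE))
    baseline = [csprng_password() for _ in range(len(CONSTRUCTED_SAMPLE))]
    print("csprng     :", audit(baseline))
```

A truly random 16-character password over 94 symbols usually contains at least one repeated character, so a batch in which every password has none is itself a sign of a non-uniform generator.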

Hottest takes

"they always choose the same few names." — Revisional_Sin
"Nothing about LLMs is random" — altmanaltman
"Basically https://xkcd.com/221/" — gmuslera